IETF Logo Mail Archive

Re: [TLS] Using both External PSK and (EC)DH in TLS 1.3

Martin Thomson <martin.thomson@gmail.com> Wed, 04 January 2017 02:36 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2747512997F for <tls@ietfa.amsl.com>; Tue, 3 Jan 2017 18:36:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nJL8gaXnsy38 for <tls@ietfa.amsl.com>; Tue, 3 Jan 2017 18:36:44 -0800 (PST)
Received: from mail-qt0-x233.google.com (mail-qt0-x233.google.com [IPv6:2607:f8b0:400d:c0d::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE12412944F for <tls@ietf.org>; Tue, 3 Jan 2017 18:36:43 -0800 (PST)
Received: by mail-qt0-x233.google.com with SMTP id c47so479843520qtc.2 for <tls@ietf.org>; Tue, 03 Jan 2017 18:36:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=J1eA/WHkzbxtsauWi3Nun3eH3qf3/mRUADER7eU0BQY=; b=Eh+aGaoNVaRS4W16IzBIhESl20M+zeMGyymJfjNUWUNUiqtH2UhLADLAFHfB794USg WJyg63gKHdLSYgVRwb8LHL0veTA4VYz6+xBNBvxR5otziSK45VP6VyCV5H9vAeetb875 TKtbhihRMOBZqfvvXSjoVJLI6cciIKU4BgE0+fRBKAiBIcq2QrPlFtQce5DuZx1ZOeQY +prCcZK68zN+OWh9kCdM+R/xzv6RRBAm6YwrmDswiWMNlPqU6crdoY2An1dyIo5NJwnq bIAm1lcDbYoiuICzedPz7KJBBZMsTBS9d4uOSfrEUsp7hrVEgX9XEw5bNg2SZ6mSAPKF rQvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=J1eA/WHkzbxtsauWi3Nun3eH3qf3/mRUADER7eU0BQY=; b=lBTvu8Yx0TU4N1H9iePGFNoSEzYoG6Y8Rj9F8pTLK62FfOOoQIV4XbP81vCnW80Gdd IUIplCb+T6o2ZgWRiT6cxAF8PDxsyS9UprJC4nzCZY5+I3u07vTjRB2WuOLtUl0hJT9r kGYnWxDLms0Cwu+zkhVqUZCgXWrVouw++lu9FUoHVFJtz+ayhYUa4InmvJ8EQGXfjBLi snYD4Ozjs4MyQnWSWRXw1VyWKEJOtHNUa4uNkYuV41roLmeFlQVroCyB70sJgp0HPU4V wzYiUBaaxsbCr48IlafSPi/YoMuW2XT3zKWAatOvfl9MXt8ZXO7KoO1/KPUU23CHQZLY Rq8Q==
X-Gm-Message-State: AIkVDXIR+WIL00MjACitoND+7PvuUKcLoiyVPp/lAONmQTF9v3WYPhfyGlhDRUR605DTIGlwoqTRoRqvaz/PKA==
X-Received: by 10.237.55.97 with SMTP id i88mr61105770qtb.143.1483497403070; Tue, 03 Jan 2017 18:36:43 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.38.233 with HTTP; Tue, 3 Jan 2017 18:36:42 -0800 (PST)
In-Reply-To: <1b678d65-b146-b25f-c1ad-6dfc044f7ce0@akamai.com>
References: <0DA64421-5975-4B7E-BC08-7428AFA9D1A1@vigilsec.com> <CAF8qwaB8+o20QP71=zuCJ2EXt9EGFuLcn4s6es=gjnOccZE9fQ@mail.gmail.com> <9D8BEE12-49F9-4DE3-81C7-909CB114805F@vigilsec.com> <1b678d65-b146-b25f-c1ad-6dfc044f7ce0@akamai.com>
From: Martin Thomson <martin.thomson@gmail.com>
Date: Wed, 04 Jan 2017 13:36:42 +1100
Message-ID: <CABkgnnXfw45-R-Tvf2cZQGb4a5mas2yZRXT4q3ArRyTMSF9x2Q@mail.gmail.com>
To: Benjamin Kaduk <bkaduk@akamai.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/0-91aCrzRZTIwiJKiuwjLXCd0G0>
Cc: IETF TLS <tls@ietf.org>
Subject: Re: [TLS] Using both External PSK and (EC)DH in TLS 1.3
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2017 02:36:45 -0000

On 4 January 2017 at 12:02, Benjamin Kaduk <bkaduk@akamai.com> wrote:
> I also had the sense that ekr noted that we didn't want to do this in the
> core spec.
> So, could you point me more clearly at what you would want to change in the
> core spec that would allow doing the thing you want to see done in a future
> document?  (Is it just removing "i.e., when a PSK is not in use"?)

I for one am interested in having a mode that allows for PSK+cert, but
it's hard to reason through.  It falls into the same bucket as
additive *server* authentication, which has the same inherent
problems.  Foremost being a solid analysis.

Mechanically, it is fairly simple to add as an extension.  That makes
me confident that we can do this later.

v2.23.0 | Report a Bug | By Email